Cl0p Ransomware Exploits Cleo Vulnerability, Threatens Data Leaks

| Category | Details |
|---|---|
| Threat Actors | Cl0p ransomware group |
| Campaign Overview | Exploitation of a critical vulnerability in Cleo’s managed file transfer software (Cleo Harmony, VLTrader, LexiCom) |
| Target Regions/Victims | Businesses globally, particularly those using Cleo’s MFT products |
| Methodology | Exploitation of a zero-day vulnerability (CVE-2024-55956) to breach networks and steal data; threat of data leak unless ransom is paid |
| Product Targeted | Cleo’s managed file transfer software (Cleo Harmony, VLTrader, LexiCom) |
| Malware Reference | Ransomware (Cl0p), SQL injection (CVE-2023-34362, MOVEit incident) |
| Tools Used | Zero-day exploit, SQL injection (CVE-2023-34362), web shell (LEMURLOOT) |
| Vulnerabilities Exploited | CVE-2024-55956 (Cleo MFT products), CVE-2023-34362 (MOVEit) |
| TTPs | Zero-day exploit; Large-scale data breaches; Threat of public data leaks; Ransom demands |
| Attribution | Cl0p ransomware group; previously involved in MOVEit and GoAnywhere breaches |
| Recommendations | Immediate patching of Cleo software; Regular security assessments; Enhanced monitoring for signs of compromise |
| Source | Hackread |

Read full article: https://hackread.com/cl0p-ransomware-exploits-cleo-vulnerability-data-leaks/

The above summary has been generated by an AI language model

Published on: December 16, 2024
